Sujet Précédent Sujet Suivant

Probleme d'explorer.exe Sous vista

ti² -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
Alors voilà, depuis quelque temps mon explorateur vista plante, je ne m'étais soucié de rien pensant que ça venait de vista , cependant, là mon antivirus Nod 32 s'alarme souvent en detectant un virus provenant de fichiers Dll à chaque fois different et une erreur de temps à autre s'affiche :

Run Dll
C:\users\****\Appdata\Local\Temp\****.dll
entrée manquante : run

Donc je ne comprend pas ce virus surtout que jai lancé C cleaner, Avg anti-spyware free version, Windows Defender et enfin une analyse aprofondie sous Nod 32 , aucun problème détecté mais l'erreur reste toujours la même : l'explorer plante très souvent et jai même l'impression que c'est de pire en pire.
A noter que avant d'installer Nod 32 et Avg anti spyware je possedais Avast et spybot mais on dirait que depuis que j'ai changé , mon ordi a été infecté.
Merci de répondre à mon problème qui est disons le fort énervant ^^
A voir également:

16 réponses

Réponse 1 / 16
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
slt,

colle un rapport hijackthis

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."

___________________________

colle le rapport d'un scan en ligne
avec un des suivants:

bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr

secuser en ligne :
http://www.secuser.com/outils/antivirus.htm

scan en ligne firefox

https://www.trendmicro.com/fr_fr/business.html
0
Réponse 2 / 16
ti²
 
Désolé mais Mozilla Firefox et internet explorer n'ont pu me donner un rapport d'analyse d'antivirus car ils plantaient à chaque fois :/
Cependant je me souviens bien que j'avais déjà effectué un test avec bitdefender mais il ne m'avait rien trouvé :/
sinon voici ce que Hijackthis me dit :

"Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:20:17, on 05/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\ico.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Windows Mail\WindowsMailGadget.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Eset\nod32.exe
C:\Windows\Explorer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {028AABDD-FA66-405B-9C2A-B12DB97445D7} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1618E7E6-D452-473A-9FC4-4B9B793128B0} - (no file)
O2 - BHO: (no name) - {1B8188BA-A385-4412-81FA-F6CB05CEEA55} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: (no name) - {4BB1745E-208D-48A0-9F3F-FF2ECB45D750} - (no file)
O2 - BHO: (no name) - {50F87EEA-B7D5-42F4-A1EC-3146A2FD954B} - (no file)
O2 - BHO: (no name) - {5B61A034-F94C-4B45-9CD1-4B546125627A} - (no file)
O2 - BHO: (no name) - {5C2FA12C-B9B6-4587-8EDE-93CCC63A52DE} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8383A6EC-3F0E-4181-8864-4D3CE8A0EE0C} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {92FA356D-5F53-4E12-ADBC-4713919AFC2A} - (no file)
O2 - BHO: (no name) - {931DE3CD-6D6A-4AF2-80D8-18F6D283C575} - (no file)
O2 - BHO: {06db0395-ca81-ea09-af94-cfb249bff789} - {987ffb94-2bfc-49fa-90ae-18ac5930bd60} - C:\Windows\system32\lpktwjlf.dll
O2 - BHO: (no name) - {9A3E49D3-A791-475C-B71E-4C9C26AF5178} - (no file)
O2 - BHO: (no name) - {9B5ACAF7-53CF-42AB-8BEA-2716E678BD85} - (no file)
O2 - BHO: (no name) - {A2E694D5-FFDC-480A-8D57-03D6C61296DF} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {ACDD711E-F3A0-49FE-AD6A-76AEE17908EA} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B632E37B-9D3A-406F-BC57-D19DB58ED01C} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: (no name) - {E86B8737-CB3B-4E8C-917A-7E9DE37C522F} - C:\Windows\system32\tuvwv.dll
O2 - BHO: (no name) - {EAEFAA72-13D9-4637-97D7-C1C67A09C7FA} - (no file)
O2 - BHO: (no name) - {EDF43B2D-816F-4E2C-BEBF-1973632D2B6E} - (no file)
O2 - BHO: (no name) - {F3D8A3A0-8743-4A6D-BA4A-FDAF9267921F} - (no file)
O2 - BHO: (no name) - {F4EF22A4-2316-4776-A8FE-AEE94BA7A8BD} - (no file)
O2 - BHO: (no name) - {F608DA3C-508F-4B64-94C4-AEAF549D5B25} - (no file)
O2 - BHO: (no name) - {FCA02533-430B-4792-AF11-E9D010919E99} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ssqpq.dll,#1
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [728be7bc] rundll32.exe "C:\Windows\system32\xywmtcah.dll",b
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Freulon\AppData\Local\Temp\nnlll.dll,#1
O4 - HKCU\..\Run: [728be7bc] rundll32.exe "C:\Users\Freulon\AppData\Local\Temp\wwunrxff.dll",b
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Freulon\AppData\Local\Temp\chsclupr.dll",run
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-2836830652-3049038524-373805858-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
0
Réponse 3 / 16
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
relance hiajckthis, fais do a system scan only puis selectionne et vire ces lignes (fix cheked)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=1071219
O2 - BHO: (no name) - {028AABDD-FA66-405B-9C2A-B12DB97445D7} - (no file)
O2 - BHO: (no name) - {1618E7E6-D452-473A-9FC4-4B9B793128B0} - (no file)
O2 - BHO: (no name) - {1B8188BA-A385-4412-81FA-F6CB05CEEA55} - (no file)
O2 - BHO: (no name) - {4BB1745E-208D-48A0-9F3F-FF2ECB45D750} - (no file)
O2 - BHO: (no name) - {50F87EEA-B7D5-42F4-A1EC-3146A2FD954B} - (no file)
O2 - BHO: (no name) - {5B61A034-F94C-4B45-9CD1-4B546125627A} - (no file)
O2 - BHO: (no name) - {5C2FA12C-B9B6-4587-8EDE-93CCC63A52DE} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8383A6EC-3F0E-4181-8864-4D3CE8A0EE0C} - (no file)
O2 - BHO: (no name) - {92FA356D-5F53-4E12-ADBC-4713919AFC2A} - (no file)
O2 - BHO: (no name) - {931DE3CD-6D6A-4AF2-80D8-18F6D283C575} - (no file)
O2 - BHO: {06db0395-ca81-ea09-af94-cfb249bff789} - {987ffb94-2bfc-49fa-90ae-18ac5930bd60} - C:\Windows\system32\lpktwjlf.dll
O2 - BHO: (no name) - {9A3E49D3-A791-475C-B71E-4C9C26AF5178} - (no file)
O2 - BHO: (no name) - {9B5ACAF7-53CF-42AB-8BEA-2716E678BD85} - (no file)
O2 - BHO: (no name) - {A2E694D5-FFDC-480A-8D57-03D6C61296DF} - (no file)
O2 - BHO: (no name) - {ACDD711E-F3A0-49FE-AD6A-76AEE17908EA} - (no file)
O2 - BHO: (no name) - {B632E37B-9D3A-406F-BC57-D19DB58ED01C} - (no file)
O2 - BHO: (no name) - {E86B8737-CB3B-4E8C-917A-7E9DE37C522F} - C:\Windows\system32\tuvwv.dll
O2 - BHO: (no name) - {EAEFAA72-13D9-4637-97D7-C1C67A09C7FA} - (no file)
O2 - BHO: (no name) - {EDF43B2D-816F-4E2C-BEBF-1973632D2B6E} - (no file)
O2 - BHO: (no name) - {F3D8A3A0-8743-4A6D-BA4A-FDAF9267921F} - (no file)
O2 - BHO: (no name) - {F4EF22A4-2316-4776-A8FE-AEE94BA7A8BD} - (no file)
O2 - BHO: (no name) - {F608DA3C-508F-4B64-94C4-AEAF549D5B25} - (no file)
O2 - BHO: (no name) - {FCA02533-430B-4792-AF11-E9D010919E99} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [728be7bc] rundll32.exe "C:\Windows\system32\xywmtcah.dll",b

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Freulon\AppData\Local\Temp\nnlll.dll,#1
O4 - HKCU\..\Run: [728be7bc] rundll32.exe "C:\Users\Freulon\AppData\Local\Temp\wwunrxff.dll",b
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Freulon\AppData\Local\Temp\chsclupr.dll",run

________

combofix (colle le rapport)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

________

télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

C:\Windows\system32\tuvwv.dll
C:\Windows\system32\lpktwjlf.dll
C:\Windows\system32\xywmtcah.dll

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
C:\Program Files\Helper\1201110269.dll

__________________
recolle hiajkchtis et dis tes soucis
0
Réponse 4 / 16
ti²
 
slt,
Alors j'ai suivi ta procédure mais il y a toujours le même probleme :/
Je post le dernier rapport éffectué :
"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:43:58, on 06/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=1071219
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {028AABDD-FA66-405B-9C2A-B12DB97445D7} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1618E7E6-D452-473A-9FC4-4B9B793128B0} - (no file)
O2 - BHO: (no name) - {1B8188BA-A385-4412-81FA-F6CB05CEEA55} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: (no name) - {4BB1745E-208D-48A0-9F3F-FF2ECB45D750} - (no file)
O2 - BHO: (no name) - {50F87EEA-B7D5-42F4-A1EC-3146A2FD954B} - (no file)
O2 - BHO: (no name) - {5B61A034-F94C-4B45-9CD1-4B546125627A} - (no file)
O2 - BHO: (no name) - {5C2FA12C-B9B6-4587-8EDE-93CCC63A52DE} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8383A6EC-3F0E-4181-8864-4D3CE8A0EE0C} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {92FA356D-5F53-4E12-ADBC-4713919AFC2A} - (no file)
O2 - BHO: (no name) - {931DE3CD-6D6A-4AF2-80D8-18F6D283C575} - (no file)
O2 - BHO: {06db0395-ca81-ea09-af94-cfb249bff789} - {987ffb94-2bfc-49fa-90ae-18ac5930bd60} - C:\Windows\system32\lpktwjlf.dll
O2 - BHO: (no name) - {9A3E49D3-A791-475C-B71E-4C9C26AF5178} - (no file)
O2 - BHO: (no name) - {9B5ACAF7-53CF-42AB-8BEA-2716E678BD85} - (no file)
O2 - BHO: (no name) - {A2E694D5-FFDC-480A-8D57-03D6C61296DF} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {ACDD711E-F3A0-49FE-AD6A-76AEE17908EA} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B632E37B-9D3A-406F-BC57-D19DB58ED01C} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: (no name) - {D7942BB4-7B7A-4AED-9E59-BC21C2BBB16C} - C:\Windows\system32\tuvwv.dll
O2 - BHO: (no name) - {EAEFAA72-13D9-4637-97D7-C1C67A09C7FA} - (no file)
O2 - BHO: (no name) - {EDF43B2D-816F-4E2C-BEBF-1973632D2B6E} - (no file)
O2 - BHO: (no name) - {F3D8A3A0-8743-4A6D-BA4A-FDAF9267921F} - (no file)
O2 - BHO: (no name) - {F4EF22A4-2316-4776-A8FE-AEE94BA7A8BD} - (no file)
O2 - BHO: (no name) - {F608DA3C-508F-4B64-94C4-AEAF549D5B25} - (no file)
O2 - BHO: (no name) - {FCA02533-430B-4792-AF11-E9D010919E99} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ssqpq.dll,#1
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [728be7bc] rundll32.exe "C:\Windows\system32\xywmtcah.dll",b
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Freulon\AppData\Local\Temp\rqrpn.dll,#1
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Windows\system32\tuvwv.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Freulon\AppData\Local\Temp\kswbyknm.dll",run
O4 - HKCU\..\Run: [728be7bc] rundll32.exe "C:\Windows\system32\xywmtcah.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 16
ti²
 
Dsl pour le double post mais j'ai pas posté le bon rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:18:08, on 06/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\helppane.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0247B0D1-BDEB-4111-82F2-9D643290577F} - C:\Windows\system32\tuvwv.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Freulon\AppData\Local\Temp\opppq.dll,#1
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Freulon\AppData\Local\Temp\biekigou.dll",run
O4 - HKCU\..\Run: [728be7bc] rundll32.exe "C:\Users\Freulon\AppData\Local\Temp\jjfhbrrr.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
0
Réponse 6 / 16
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
fix ces lignes:

O2 - BHO: (no name) - {0247B0D1-BDEB-4111-82F2-9D643290577F} - C:\Windows\system32\tuvwv.dll
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Freulon\AppData\Local\Temp\opppq.dll,#1

O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Freulon\AppData\Local\Temp\biekigou.dll",run
O4 - HKCU\..\Run: [728be7bc] rundll32.exe "C:\Users\Freulon\AppData\Local\Temp\jjfhbrrr.dll",b

________

combofix (colle le rapport)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

________

télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

C:\Windows\system32\tuvwv.dll
C:\Users\Freulon\AppData\Local\Temp\opppq.dll
C:\Users\Freulon\AppData\Local\Temp\biekigou.dll
C:\Users\Freulon\AppData\Local\Temp\jjfhbrrr.dll

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

__________________
recolle hiajkchtis et dis tes soucis
0
Réponse 7 / 16
ti²
 
jai fais les opérations demandés mais ça na pas marche donc jai decidé de réinstaller spybot, ensuite jai lancé une analyse de spybot : il ma trouve deux ou trois spywares mais le probleme n'était toujours pas résolu.
finalement en relançant une analyse de Nod 32, celui ci ma detecte une vingtaine de virus dont ceux qui faisaient planter l'explorateur! ^^
Merci quand même pour ton aide!
0
Réponse 8 / 16
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
si tu avais collé les rapports on aurait pu voir...

si ca persiste colle les rapports comme combofix....
0
Réponse 9 / 16
aska94 Messages postés 1 Statut Membre
 
Bonjour j'ai le meme probleme : Explorer.exe sous vista bug et se coupe souvent ou "redemarre" tout seul ,

J'ai fait un scan avec hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:44:45, on 08/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Users\Jerome\Desktop\hijackthis\HijackThis.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Jerome\AppData\Local\Temp\ddayw.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Jerome\AppData\Local\Temp\gebcy.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Jerome\AppData\Local\Temp\oejppvsu.dll",run
O4 - HKCU\..\Run: [9cbe018b] rundll32.exe "C:\Users\Jerome\AppData\Local\Temp\rhevmesq.dll",b
O4 - HKCU\..\Run: [BM9f8d3217] Rundll32.exe "C:\Users\Jerome\AppData\Local\Temp\qensmfab.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm022MXFR
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/WebfettiInitialSetup1.0.1.0.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{976F9A49-0E3F-43DB-9F04-7C12B70D7940}: NameServer = 192.168.1.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
0
Réponse 10 / 16
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
slt,

combofix (colle le rapport)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

____________

Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.

Télécharge maintenant Navilog1 depuis-ce lien :

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, Fais un Clic-droit sur le raccourci Navilog1 présent sur ton bureau et choisis "Exécuter en tant qu'administrateur".

Au menu principal, Fais le choix 1
Laisse toi guider et patiente.
Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche le blocnote va s'ouvrir.
Copie-colle l'intégralité du rapport dans une réponse.
Referme le blocnote
Le rapport fixnavi.txt est en outre sauvegardé dans %systemdrive%.
0
Réponse 11 / 16
lechatpotte Messages postés 37 Statut Membre
 
Hello hello

j'ai le même souci...

voici le rapport Hijack : 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:31:10, on 13/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\WINDOWS\SMINST\scheduler.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Users\Louis-Nicolas.HP\AppData\Roaming\Microsoft\dtsc\14515.exe
C:\Users\Louis-Nicolas.HP\AppData\Roaming\Microsoft\dtsc\14515.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Users\Louis-Nicolas.HP\Téléchargements\HiJackThis.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www8.hp.com/fr/fr/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www8.hp.com/fr/fr/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D39F49BB-7816-4024-BD6D-C4D37A49165B} - C:\Windows\system32\xxywUNFu.dll (file missing)
O2 - BHO: {a55ac3c7-40b6-e8eb-7de4-08928979007f} - {f7009798-2980-4ed7-be8e-6b047c3ca55a} - C:\Windows\system32\nxugskeg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [1e62d0f1] rundll32.exe "C:\Windows\system32\tlavjmnr.dll",b
O4 - HKLM\..\Run: [BM1d51e36d] Rundll32.exe "C:\Windows\system32\astqewum.dll",s
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA5403] command /c del "C:\WINDOWS\System32\xxywUNFu.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2975] cmd /c del "C:\WINDOWS\System32\xxywUNFu.dll_old"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Users\Louis-Nicolas.HP\AppData\Roaming\Microsoft\dtsc\14515.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB4783] command /c del "C:\WINDOWS\System32\xxywUNFu.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7663] cmd /c del "C:\WINDOWS\System32\xxywUNFu.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 11119 bytes
--

De tout j'veux prendre, deux fois et avec de la sauce !
0
Réponse 12 / 16
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
vire ce qui est dans la sauvegarde de spybot

_____________

virtumondebegone (colle le rapport)

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
________________

Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.

télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
Réponse 13 / 16
gypse90 Messages postés 13 Statut Membre
 
Bonjour !

J'ai également le même problème... et ni kasperski ni avast ne me détectent de virus ! En revanche, kaspersky bloque régulièrement des liens internet et de nombreux fichiers .dll .

J'ai fait un Hijackthis et voila le rapport...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:56, on 28/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\RtHDVCpl.exe
C:\Divers\Logiciels\HDTune.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\werfault.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Adobe Premiere Pro CS3\Adobe Premiere Pro.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Adobe\Adobe Premiere Pro CS3\PhotoshopServer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\WerFault.exe
C:\Windows\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0315BD3A-2347-4524-9938-3398CC2B929C} - C:\Windows\system32\fccyyVlk.dll (file missing)
O2 - BHO: (no name) - {18365C10-B296-46F0-B42C-14BBE4D2294F} - (no file)
O2 - BHO: (no name) - {54221442-23C2-4FD2-8D95-FBAC37C3A05F} - (no file)
O2 - BHO: (no name) - {7271BEF8-F44D-4464-945A-2796A6C214BF} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A65A8BA0-B3EB-4173-AF75-6A967B33C81D} - (no file)
O2 - BHO: (no name) - {F09B033E-83C0-4C08-9F8C-27BD25AED33b} - C:\Windows\system32\vcbvqlmj.dll
O2 - BHO: {4dd8f5d3-101c-792a-7c64-9a136ef8f13f} - {f31f8fe6-31a9-46c7-a297-c1013d5f8dd4} - C:\Windows\system32\cfgsoh.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HD Tune] C:\Divers\LOGICI~1\HDTune.exe
O4 - HKLM\..\Run: [XPC Tools] C:\Program Files\Shuttle\XPC Tools\XPCTools.exe RunOnStart
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BMfbbf96df] Rundll32.exe "C:\Windows\system32\htjabwqe.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Unknown owner - C:\Windows\system32\AvidSDMService.exe (file missing)
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\Windows\system32\AvidStartup.exe (file missing)
O23 - Service: Kaspersky Anti-Virus (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
0
Réponse 14 / 16
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
un seul antvirus par ordi!!!!!!

vire un des deux!!

télécharge ceci

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

L'installation ne donne pas de grande difficulté, elle ne sera pas détaillée.
Cependant à l'issu de l'installation, il est conseillé de laisser l'option Update Malwarebyte's Anti-Malware cochée afin d'effectuer une mise à jour de la définition virale.

•• Pour démarrer Malwarebyte's Anti-Malware, double-cliquez sur l'icône créée sur le bureau.

Afin de supprimer un maximum d'infections, il convient de redémarrer votre ordinateur en mode sans échec, pour cela suivez les instructions de cette page : Redémarrer en mode sans échec

Démarrer Malwarebyte's Anti-Malware, vous devez avoir une icône sur le bureau.

Sinon cliquez sur le menu Démarrer / Programmes / Malwarebyte's Anti-Malware / Malwarebyte's Anti-Malware

*• Sélectionnez Perform full scan puis cliquez sur le bouton Scan pour lancer le scan.

* •Laissez vos disques dur cochés, vous pouvez décochez le lecteur de disquette et CD-Rom
* •Cliquez sur le bouton Start Scan pour démarrer le scan.

Le scan s'effectue... les éléments scannés défilent en haut.

* •Objet scanned correspond au nombre d'éléments scannés.
* •Objets infected correspond au nombre d'éléments malicieux détectés.

Laissez l'opération s'effectuer, si vous désirez annuler, cliquez sur le bouton Abort Scan en bas à droite.

* •Une fois le scan complété, vous recevez un message disant que celui-ci a réussi
* •Cliquez sur le bouton Show Results en bas pour afficher les éléments détectés

* •Les éléments détectés apparaissent sous forme de liste.
* •Ces derniers sont tous cochés, pour les supprimer, cliquez sur le bouton Remove Selected en bas à gauche.

* •Une barre de progression affiche l'avancement de la suppression

* •Si des éléments infectieux très difficiles à supprimer sont détectés (ce n'est donc pas forcément le cas), un message vous signale que le système devra être redémarré après le processus de suppression des malwares.
* •Cliquez sur le bouton Yes pour continuer.

* ••Un rapport de scan s'ouvre, sauvegardez le afin de pouvoir le récupérer en mode normal.••*

________________

Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.

télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
Réponse 15 / 16
gypse90 Messages postés 13 Statut Membre
 
Voila voila... tout s'est déroule sans problemes.
MalwareBytes m'a détécté 16 objets infectés (virtumonde notamment) et j'ai lancé ComboFix dont voici le rapport...

Merci encore pour tout.

ComboFix 08-06-20.4 - Administrateur 2008-06-29 10:33:23.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Intégrale 6.0.6000.0.1252.1.1036.18.1563 [GMT 2:00]
Endroit: C:\Users\Administrateur\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\System32\ayGOYJjl.ini
C:\Windows\System32\ayGOYJjl.ini2
C:\Windows\system32\ecxbqees.ini
C:\Windows\System32\itkdyofe.ini2
C:\Windows\System32\itkdyofe.tmp
C:\Windows\System32\jmUwGfhk.ini
C:\Windows\System32\jmUwGfhk.ini2
C:\Windows\system32\lmycbbpo.ini
C:\Windows\system32\lsprst7.dll
C:\Windows\system32\media
C:\Windows\system32\media\AvidRender.wav
C:\Windows\System32\rAGQAcfe.ini
C:\Windows\System32\rAGQAcfe.ini2
C:\Windows\system32\ssprs.dll
C:\Windows\system32\vxtrrnmo.ini
C:\Windows\system32\vynbtkcc.ini
C:\Windows\system32\yfdetiam.ini
C:\Windows\system32\ypfwblim.ini
C:\Windows\system32\ytkwscqs.ini

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-28 to 2008-06-29 ))))))))))))))))))))))))))))))))))))
.

2008-06-29 09:58 . 2008-06-29 09:58 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-06-29 09:58 . 2008-06-29 09:58 <REP> d-------- C:\Users\Administrateur\AppData\Roaming\Malwarebytes
2008-06-29 09:58 . 2008-06-29 09:58 <REP> d-------- C:\ProgramData\Malwarebytes
2008-06-29 09:58 . 2008-06-29 09:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-29 09:58 . 2008-06-28 14:16 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-06-29 09:58 . 2008-06-28 14:16 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-06-28 22:03 . 2008-06-28 22:03 <REP> d-------- C:\VundoFix Backups
2008-06-28 22:01 . 2008-06-28 22:01 211 --a------ C:\Windows\wininit.ini
2008-06-28 21:27 . 2008-06-28 21:53 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-06-28 21:27 . 2008-06-28 21:53 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-06-28 21:27 . 2008-06-28 21:27 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-28 18:02 . 2008-06-28 18:02 <REP> d-------- C:\Program Files\Trend Micro
2008-06-28 16:01 . 2008-06-28 16:01 <REP> d-------- C:\Program Files\Alwil Software
2008-06-28 16:01 . 2008-05-16 01:18 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-06-28 13:48 . 2008-06-28 13:48 103,424 --a------ C:\Windows\System32\smhvkidu.dll
2008-06-28 13:48 . 2008-06-28 13:48 103,424 --a------ C:\Windows\System32\cfgsoh.dll
2008-06-28 12:14 . 2008-06-28 12:15 90,624 --a------ C:\Windows\System32\uwdxgohi.dll
2008-06-26 12:54 . 2008-06-26 12:54 106,496 --a------ C:\Windows\System32\symhmrmo.dll
2008-06-26 10:20 . 2008-06-26 10:20 106,496 --a------ C:\Windows\System32\gxiioqvg.dll
2008-06-25 17:58 . 2008-06-25 17:59 91,136 --a------ C:\Windows\System32\lhtpaowc.dll
2008-06-25 14:37 . 2008-06-25 14:37 91,136 --a------ C:\Windows\System32\iwyixibi.dll
2008-06-25 14:34 . 2008-06-25 14:34 91,136 --a------ C:\Windows\System32\fkkjswhr.dll
2008-06-25 14:30 . 2008-06-25 14:30 <REP> d-------- C:\Users\All Users\Apple
2008-06-25 14:30 . 2008-06-25 14:30 <REP> d-------- C:\ProgramData\Apple
2008-06-25 14:30 . 2008-06-25 14:30 <REP> d-------- C:\Program Files\Apple Software Update
2008-06-25 13:58 . 2008-06-25 13:58 <REP> d-------- C:\Program Files\MSXML 4.0
2008-06-25 13:45 . 2008-06-25 13:45 91,136 --a------ C:\Windows\System32\svebanuj.dll
2008-06-25 12:20 . 2008-06-25 12:20 91,136 --a------ C:\Windows\System32\funbahxf.dll
2008-06-25 11:28 . 2008-06-25 11:32 1,905 --a------ C:\Windows\diagwrn.xml
2008-06-25 11:28 . 2008-06-25 11:32 1,905 --a------ C:\Windows\diagerr.xml
2008-06-25 11:21 . 2008-06-25 11:21 99,840 --a------ C:\Windows\System32\bfbmgpku.dll
2008-06-25 11:09 . 2008-06-25 11:09 91,136 --a------ C:\Windows\System32\tttdvdys.dll
2008-06-24 22:17 . 2008-06-28 15:54 345 --ahs---- C:\Windows\System32\klVyyccf.ini
2008-06-20 10:38 . 2008-06-20 10:38 <REP> d-------- C:\Users\Administrateur\AppData\Roaming\Atari
2008-06-20 10:07 . 2008-06-20 10:07 <REP> d-------- C:\Program Files\CCleaner
2008-06-20 10:06 . 2008-06-20 10:06 <REP> d-------- C:\Program Files\Common Files\PocketSoft
2008-06-20 10:06 . 2002-02-27 18:50 197,120 --a------ C:\Windows\patchw32.dll
2008-06-14 18:28 . 2008-06-15 10:20 <REP> d-a------ C:\Users\All Users\TEMP
2008-06-14 18:28 . 2008-06-15 10:20 <REP> d-a------ C:\ProgramData\TEMP
2008-06-14 18:28 . 2008-06-14 18:28 <REP> d-------- C:\Fraps
2008-06-14 18:17 . 2008-06-14 18:18 <REP> d-------- C:\Beepa.Fraps.v2.8.2.6486.Retail-AnyFile
2008-06-14 16:46 . 2008-06-15 10:19 <REP> d-------- C:\Users\Administrateur\FRAPS
2008-06-14 16:07 . 2008-06-14 16:07 1,227,264 --a------ C:\Windows\System32\dx8vb.dll
2008-05-29 11:29 . 2008-05-29 11:29 <REP> d-------- C:\Users\All Users\Avid
2008-05-29 11:29 . 2008-05-29 11:29 <REP> d-------- C:\Users\Administrateur\AppData\Roaming\Avid
2008-05-29 11:29 . 2008-05-29 11:29 <REP> d-------- C:\ProgramData\Avid
2008-05-29 11:23 . 2008-05-29 11:23 <REP> d-------- C:\Program Files\Common Files\Digidesign
2008-05-29 11:22 . 2007-06-15 22:11 1,658,973 --a------ C:\Windows\System32\libmmd.dll
2008-05-29 11:22 . 2007-06-15 22:26 45,056 --a------ C:\Windows\System32\wnaspi32.dll
2008-05-29 11:22 . 2007-06-15 22:26 25,244 --a------ C:\Windows\System32\drivers\aspi32.sys
2008-05-29 11:22 . 2007-06-15 22:26 5,600 --a------ C:\Windows\system\winaspi.dll
2008-05-29 11:22 . 2007-06-15 22:26 4,672 --a------ C:\Windows\system\wowpost.exe
2008-05-29 11:21 . 2006-12-09 01:17 126,976 --a------ C:\Windows\System32\Digi32.dll
2008-05-29 11:20 . 2008-05-29 11:20 <REP> d-------- C:\Users\Administrateur\AppData\Roaming\InstallShield
2008-05-29 11:20 . 2008-05-29 11:20 <REP> d-------- C:\Program Files\Digidesign
2008-05-29 11:19 . 2007-06-15 23:09 499,712 --a------ C:\Windows\System32\msvcp71.dll
2008-05-29 11:19 . 2007-06-15 23:09 348,160 --a------ C:\Windows\System32\msvcr71.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 13:39 --------- d-----w C:\Users\Administrateur\AppData\Roaming\uTorrent
2008-06-25 12:31 --------- d-----w C:\Program Files\QuickTime Alternative
2008-06-25 12:30 --------- d-----w C:\ProgramData\Apple Computer
2008-06-25 11:31 --------- d-----w C:\ProgramData\Microsoft Help
2008-06-24 20:43 --------- d-----w C:\Program Files\Kaspersky Lab
2008-06-24 16:19 --------- d-----w C:\Users\Administrateur\AppData\Roaming\FileZilla
2008-06-24 15:05 --------- d-----w C:\Program Files\Unlocker
2008-06-22 15:14 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-20 14:09 --------- d-----w C:\Program Files\Free Download Manager
2008-06-20 08:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-20 08:00 --------- d-----w C:\Program Files\Atari
2008-06-20 07:04 --------- d-----w C:\ProgramData\Messenger Plus!
2008-06-16 13:12 --------- d-----w C:\Program Files\Rockstar Games
2008-06-05 10:17 --------- d-----w C:\Program Files\JetAudio
2008-06-03 08:23 --------- d-----w C:\Users\Administrateur\AppData\Roaming\SpeedSim
2008-06-01 16:52 --------- d-----w C:\Users\Administrateur\AppData\Roaming\dvdcss
2008-06-01 09:56 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-27 18:54 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-05-22 15:27 --------- d-----w C:\Program Files\LEGO Star Wars Game
2008-05-22 15:06 --------- d-----w C:\Program Files\Lego Star Wars II
2008-05-18 08:26 --------- d-----w C:\Program Files\Microsoft Games
2008-05-17 22:14 --------- d-----w C:\ProgramData\Test Drive Unlimited
2008-05-17 15:34 --------- d-----w C:\Users\Administrateur\AppData\Roaming\COWON
2008-05-17 15:34 --------- d-----w C:\Program Files\Common Files\COWON
2008-05-17 15:27 --------- d-----w C:\Users\Administrateur\AppData\Roaming\Ahead
2008-05-13 20:51 --------- d-----w C:\ProgramData\NVIDIA
2008-05-13 19:42 --------- d-----w C:\Users\Administrateur\AppData\Roaming\Microsoft Games
2008-05-13 18:40 --------- d-----w C:\Program Files\Common Files\Microsoft Games
2008-05-10 21:57 --------- d-----w C:\ProgramData\Minnetonka Audio Software
2008-05-10 16:56 --------- d-----w C:\Users\Administrateur\AppData\Roaming\Media Player Classic
2008-05-10 16:23 --------- d-----w C:\Users\Administrateur\AppData\Roaming\DivX
2008-05-10 11:40 --------- d-----w C:\Program Files\DivX
2008-05-10 11:40 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-05-10 09:50 --------- d-----w C:\ProgramData\FLEXnet
2008-05-10 09:45 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-10 09:34 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-05-10 08:17 --------- d-----w C:\ProgramData\eMule
2008-05-10 08:16 --------- d-----w C:\Users\Administrateur\AppData\Roaming\eMule
2008-05-10 08:16 --------- d-----w C:\Program Files\SpeedSim
2008-05-10 08:16 --------- d-----w C:\Program Files\eMule
2008-05-09 22:06 --------- d-----w C:\Users\Administrateur\AppData\Roaming\vlc
2008-05-09 22:06 --------- d-----w C:\Program Files\VideoLAN
2008-05-09 21:57 --------- d-----w C:\Program Files\uTorrent
2008-05-09 21:49 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-05-09 21:20 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-05-09 21:17 --------- d-----w C:\Program Files\Windows Live
2008-05-09 21:07 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-09 20:52 --------- d-----w C:\ProgramData\WLInstaller
2008-05-09 20:48 --------- d-----w C:\Program Files\TP-LINK
2008-05-09 20:08 --------- d-----w C:\Users\Administrateur\AppData\Roaming\Notepad++
2008-05-09 16:12 --------- d-----w C:\Users\Administrateur\AppData\Roaming\Talkback
2008-05-09 16:05 --------- d--h--w C:\ProgramData\CanonBJ
2008-05-09 15:50 --------- d-----w C:\Program Files\Shuttle
2008-05-09 15:49 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-05-09 15:49 315,392 ----a-w C:\Windows\HideWin.exe
2008-05-09 15:49 --------- d-----w C:\Program Files\Realtek
2008-05-09 15:29 --------- d-----w C:\Users\Administrateur\AppData\Roaming\Thunderbird
2008-05-09 15:29 --------- d-----w C:\Program Files\Real Alternative
2008-05-09 15:29 --------- d-----w C:\Program Files\ElcomSoft
2008-05-09 15:29 --------- d-----w C:\Program Files\DAEMON Tools
2008-05-09 15:29 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-05-09 15:28 --------- d-----w C:\Users\Administrateur\AppData\Roaming\FlashFXP
2008-05-09 15:28 --------- d-----w C:\Program Files\Xtremsplit
2008-05-09 15:28 --------- d-----w C:\Program Files\QuickPar
2008-05-09 15:28 --------- d-----w C:\Program Files\Notepad++
2008-05-09 15:28 --------- d-----w C:\Program Files\MSECache
2008-05-09 15:24 --------- d-----w C:\Program Files\Microsoft Works
2008-05-09 15:23 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-09 15:19 --------- d-----w C:\Users\Administrateur\AppData\Roaming\Nero
2008-05-09 15:19 --------- d-----w C:\ProgramData\Nero
2008-05-09 15:19 --------- d-----w C:\Program Files\Nero
2008-05-09 15:19 --------- d-----w C:\Program Files\Common Files\Nero
2008-05-09 15:08 --------- d-sh--w C:\ProgramData\Modèles
2008-05-09 15:08 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-05-09 15:08 --------- d-sh--w C:\ProgramData\Favoris
2008-05-09 15:08 --------- d-sh--w C:\ProgramData\Bureau
2008-05-09 15:08 --------- d-sh--w C:\Program Files\Fichiers communs
2008-05-09 15:06 685,816 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-05-09 15:05 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19 15872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 15:38 4390912 C:\Windows\RtHDVCpl.exe]
"HD Tune"="C:\Divers\LOGICI~1\HDTune.exe" [2007-09-03 00:37 401408]
"XPC Tools"="C:\Program Files\Shuttle\XPC Tools\XPCTools.exe" [2007-05-04 13:44 5034046]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 17:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"MIDI1"= diomidi.dll
"wave1"= Digi32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DisableNotifications"= 1 (0x1)
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DisableNotifications"= 1 (0x1)
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DisableNotifications"= 1 (0x1)
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 DigiNet;Digidesign Ethernet Support;C:\Windows\system32\DRIVERS\diginet.sys [2006-12-08 22:50]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 09:30]
R3 XPCDriver;XPCDriver;C:\Windows\system32\drivers\XPCDriver.sys [2007-05-02 10:15]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 10:36:47
Windows 6.0.6000 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\conime.exe
C:\Divers\Logiciels\HDTune.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-29 10:39:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-29 08:39:31

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 141,588,205,568 octets libres

258
0
Réponse 16 / 16
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
analyses ces fichiers sur virus total et dis lesquels sont considérés comme infectés
https://www.virustotal.com/gui/

C:\Windows\System32\smhvkidu.dll
C:\Windows\System32\cfgsoh.dll
C:\Windows\System32\uwdxgohi.dll
C:\Windows\System32\symhmrmo.dll
C:\Windows\System32\gxiioqvg.dll
C:\Windows\System32\lhtpaowc.dll
C:\Windows\System32\iwyixibi.dll
C:\Windows\System32\fkkjswhr.dll
C:\Windows\System32\svebanuj.dll
C:\Windows\System32\funbahxf.dll
C:\Windows\System32\bfbmgpku.dll
C:\Windows\System32\tttdvdys.dll
C:\Windows\System32\klVyyccf.ini
0

Discussions similaires

plantage explorer.exe
pandax27 -
pandax27 -

2 réponses
Explorer.exe plante a chaque démarrage/redémarrage
Benjamin -
Malekal_morte- -

12 réponses
Probleme avec explorer.exe
manu -
cmonpseudoamoa -

1 réponse
Explorer.exe trèèèès gourmand
Boucot -
Boucot -

5 réponses
explorer.exe plante systematiquement
jiantox -
jiantox -

3 réponses